You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Samisa Abeysinghe (JIRA)" <ji...@apache.org> on 2010/12/21 14:30:00 UTC

[jira] Resolved: (RAMPART-239) Axis2: Rampart module should not check the order of WS-Security header tags

     [ https://issues.apache.org/jira/browse/RAMPART-239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Samisa Abeysinghe resolved RAMPART-239.
---------------------------------------

       Resolution: Invalid
    Fix Version/s: NextVersion

WSDoAllReceiver is deprecated, so this issue no longer applies. Please use the policy based approach. 

> Axis2: Rampart module should not check the order of WS-Security header tags
> ---------------------------------------------------------------------------
>
>                 Key: RAMPART-239
>                 URL: https://issues.apache.org/jira/browse/RAMPART-239
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.4
>         Environment: Linux  2.6.9-78.0.1.ELsmp   x86_64 x86_64 x86_64 GNU/Linux
>            Reporter: Peter Kim
>             Fix For: NextVersion
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> According to WS-Security specification, the order of security header tags can be in any sequence. eg.
> under <wsse:Security>, it can <Timestamp> and <UsernameToken> in any order, but current Rampart module is checking this sequence by calling wss4j default method  (see below) to check the order (WSDoAllReceiver.java)        
>          * now check the security actions: do they match, in right order?
>          */
>         if (!checkReceiverResults(wsResult, actions)) {
>             throw new AxisFault(
>                     "WSDoAllReceiver: security processing failed (actions mismatch)");
>         }
> Please rectify this to fulfill the security requirement by either removing this or enable as an optional field.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org